The output statement at the [edit forwarding-options port-mirroring family
ethernet-switching] hierarchy level specifies the output mirror interface for Layer 2
packets in a bridging environment:
•
Logical interface ge-2/0/0.0, which is associated with the external packet analyzer,
is configured as the port-mirroring destination.
•
The optional no-filter-check statement allows filters to be configured on this
destination interface.
3.
Configure the Layer 2 port-mirroring firewall filter example-bridge-pm-filter:
[edit]
firewall {
family ethernet-switching {
filter example-bridge-pm-filter {
term example-filter-terms {
then {
accept;
port-mirror;
}
}
}
}
}
When this firewall filter is applied to the input or output of a logical interface for traffic
in a bridging environment, Layer 2 port mirroring is performed according to the input
packet-sampling properties and mirror destination properties configured for the Layer 2
port mirroring global instance. Because this firewall filter is configured with the single,
default filter action accept, all packets selected by the input properties (rate = 10 and
run-length = 5) match this filter.
4.
Configure the logical interfaces:
[edit]
interfaces {
ge-2/0/0 { # Define the interface to the external analyzer
encapsulation ethernet-bridge;
unit 0 {
family ethernet-switching;
}
}
ge-2/0/6 { # Define the traffic input port
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 0 {
vlan-id 100;
family ethernet-switching {
filter {
input example-bridge-pm-filter; # Apply the port-mirroring firewall filter
}
}
}
}
ge-3/0/1 { # Define the traffic output port
57Copyright © 2016, Juniper Networks, Inc.
Chapter 7: Port Mirroring for Logical interfaces
To Next Page
Loading...
